uvm_fault(0xffffffff827bce58, 0xfffffd7f803086d6, 0, 1) -> e kernel: page fault trap, code=0 Stopped at pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel page fault uvm_fault(0xffffffff827bce58, 0xfffffd7f803086d6, 0, 1) -> e pool_do_put(ffffffff827ef020,fffffd8057d23600) at pool_do_put+0x12e sys/kern/subr_pool.c:836 end trace frame: 0xffff80001f9a5020, count: 0 ddb> trace pool_do_put(ffffffff827ef020,fffffd8057d23600) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827ef020,fffffd8057d23600) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057d23600) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b2bb00,800100,ffff800000b2bb40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b2bb00,ffff800000ac6000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac6000,ffff80001f9a5580,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001f9a5580,ffff800000ac6000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806252bc80,8080691a,ffff80001f9a5580,ffff80001d6c3608) at ifioctl+0xe60 sys/net/if.c:2180 sys_ioctl(ffff80001d6c3608,ffff80001f9a5698,ffff80001f9a56e0) at sys_ioctl+0x4a1 syscall(ffff80001f9a5760) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23e629800a0, count: -11 ddb> show registers rdi 0xffffffff81e830c5 pool_do_put+0x125 rsi 0x14c rbp 0xffff80001f9a4fd0 rbx 0xfffffd7f803086ce rdx 0x14d rcx 0xffff80001d7a0000 rax 0xffff80001d7a0000 r8 0x4 r9 0x5 r10 0xbd7f58f507d01917 r11 0x1d7a504717883fb3 r12 0xfffffd8057d23600 r13 0xc5ad917f803086ce r14 0xffffffff827ef020 mbpool r15 0xfffffd805bb29810 rip 0xffffffff81e830ce pool_do_put+0x12e cs 0x8 rflags 0x10212 __ALIGN_SIZE+0xf212 rsp 0xffff80001f9a4f20 ss 0x10 pool_do_put+0x12e: movq 0x8(%rbx),%rbx ddb> show proc PROC (syz-executor.1) pid=495436 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff80001d6c2768,0xffffffff82829c20 process=0xffff80001d6c5970 user=0xffff80001f9a0000, vmspace=0xfffffd8053420120 estcpu=30, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 13328 75173 1387 0 2 0 syz-executor.1 *13328 495436 1387 0 7 0x4000000 syz-executor.1 30 17731 0 0 3 0x14200 acct acct 76866 446688 1 0 3 0x100083 ttyin getty 49957 161839 0 0 3 0x14200 bored sosplice 57914 367671 74617 0 3 0x2 biowait syz-executor.0 1387 83760 74617 0 3 0x82 nanosleep syz-executor.1 74617 354890 93922 0 3 0x82 thrsleep syz-fuzzer 74617 213139 93922 0 3 0x4000082 nanosleep syz-fuzzer 74617 46042 93922 0 3 0x4000082 thrsleep syz-fuzzer 74617 463278 93922 0 3 0x4000082 thrsleep syz-fuzzer 74617 229098 93922 0 3 0x4000082 thrsleep syz-fuzzer 74617 341835 93922 0 3 0x4000082 kqread syz-fuzzer 74617 248716 93922 0 3 0x4000082 thrsleep syz-fuzzer 74617 156539 93922 0 3 0x4000082 thrsleep syz-fuzzer 93922 353002 14905 0 3 0x10008a pause ksh 14905 511350 17610 0 3 0x92 select sshd 17610 165907 1 0 3 0x80 select sshd 3893 522248 64106 73 3 0x100090 kqread syslogd 64106 367786 1 0 3 0x100082 netio syslogd 93030 84707 1 77 3 0x100090 poll dhclient 48503 519366 1 0 3 0x80 poll dhclient 80981 364567 0 0 3 0x14200 bored smr 98925 482851 0 0 2 0x14200 zerothread 11233 404794 0 0 3 0x14200 aiodoned aiodoned 20321 44963 0 0 3 0x14200 syncer update 66475 370166 0 0 3 0x14200 cleaner cleaner 15520 207511 0 0 3 0x14200 reaper reaper 16009 109362 0 0 3 0x14200 pgdaemon pagedaemon 60179 189999 0 0 3 0x14200 bored crynlk 54426 104579 0 0 3 0x14200 bored crypto 23537 213647 0 0 3 0x40014200 acpi0 acpi0 43104 257097 0 0 3 0x14200 bored softnet 69188 315766 0 0 3 0x14200 bored systqmp 34936 329120 0 0 3 0x14200 bored systq 46872 417778 0 0 3 0x40014200 bored softclock 88527 317425 0 0 3 0x40014200 idle0 1 281066 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9488 6354K 7494K 78643K 12353 0 pcb 13 8K 8K 78643K 56 0 rtable 113 4K 8K 78643K 477 0 ifaddr 71 15K 17K 78643K 181 0 sysctl 1 1K 1K 78643K 1 0 counters 21 16K 16K 78643K 27 0 ioctlops 0 0K 4K 78643K 71 0 iov 0 0K 14K 78643K 338 0 mount 1 1K 1K 78643K 1 0 vnodes 1230 77K 78K 78643K 1654 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 9 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 29 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 433 0 sigio 0 0K 0K 78643K 2 0 proc 49 38K 63K 78643K 388 0 subproc 32 2K 2K 78643K 36 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 23 0 in_multi 65 3K 3K 78643K 136 0 ether_multi 1 0K 0K 78643K 7 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 206 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 146 72K 97K 78643K 1846 0 UVM aobj 25 4K 4K 78643K 25 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 40 0 NDP 10 0K 0K 78643K 30 0 temp 96 3851K 3915K 78643K 4274 0 kqueue 3 4K 14K 78643K 19 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 0 1 0 1 1 0 8 0 rtpcb 80 31 0 29 1 0 1 1 0 8 0 rtentry 112 62 0 16 2 0 2 2 0 8 0 unpcb 120 239 0 231 1 0 1 1 0 8 0 syncache 264 8 0 8 2 1 1 1 0 8 1 tcpqe 32 313 0 313 2 1 1 1 0 8 1 tcpcb 544 110 0 106 1 0 1 1 0 8 0 ipq 40 5 0 5 2 2 0 1 0 8 0 ipqe 40 96 0 96 2 2 0 1 0 8 0 inpcb 296 317 0 307 3 1 2 2 0 8 1 nd6 48 21 0 15 1 0 1 1 0 8 0 pkpcb 40 4 0 4 1 0 1 1 0 8 1 ppxss 1136 3 0 3 2 1 1 1 0 8 1 pfrktable 1344 98 0 98 1 0 1 1 0 8 1 pftag 88 14 0 14 1 0 1 1 0 8 1 pfrule 1360 22 0 18 1 0 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 198 0 2 13 0 13 13 0 8 0 art_table 32 200 0 2 2 0 2 2 0 8 0 art_node 16 61 0 19 1 0 1 1 0 8 0 sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 25 0 15 1 0 1 1 0 8 0 shmpl 112 22 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1958 0 560 88 0 88 88 0 8 0 ffsino 240 1958 0 560 83 0 83 83 0 8 0 nchpl 144 2951 0 1360 60 0 60 60 0 8 0 uvmvnodes 72 2384 0 0 44 0 44 44 0 8 0 vnodes 208 2384 0 0 126 0 126 126 0 8 0 namei 1024 7769 0 7769 1 0 1 1 0 8 1 vcpupl 1984 4 0 0 1 0 1 1 0 8 0 vmpool 528 10 0 6 1 0 1 1 0 8 0 pfiaddrpl 120 28 0 28 1 0 1 1 0 8 1 scxspl 192 7703 0 7702 1 0 1 1 0 8 0 plimitpl 152 45 0 38 1 0 1 1 0 8 0 sigapl 424 622 0 592 4 0 4 4 0 8 0 futexpl 56 8622 0 8622 1 0 1 1 0 8 1 knotepl 112 80 0 61 1 0 1 1 0 8 0 kqueuepl 144 58 0 56 1 0 1 1 0 8 0 pipepl 272 124 0 114 1 0 1 1 0 8 0 fdescpl 432 606 0 592 2 0 2 2 0 8 0 filepl 120 3603 0 3507 4 0 4 4 0 8 1 lockfpl 104 55 0 54 1 0 1 1 0 8 0 lockfspl 48 20 0 19 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 26 0 16 1 0 1 1 0 8 0 ucredpl 96 382 0 375 1 0 1 1 0 8 0 zombiepl 144 592 0 592 1 0 1 1 0 8 1 processpl 928 622 0 592 4 0 4 4 0 8 0 procpl 624 1104 0 1066 4 0 4 4 0 8 0 sosppl 128 5 0 5 2 2 0 1 0 8 0 sockpl 400 593 0 575 3 0 3 3 0 8 1 mcl64k 65536 27 0 27 1 0 1 1 0 8 1 mcl16k 16384 7 0 7 1 0 1 1 0 8 1 mcl12k 12288 9 0 9 1 0 1 1 0 8 1 mcl9k 9216 6 0 6 2 1 1 1 0 8 1 mcl8k 8192 16 0 16 1 0 1 1 0 8 1 mcl4k 4096 59 0 59 2 1 1 1 0 8 1 mcl2k2 2112 2 0 2 2 1 1 1 0 8 1 mcl2k 2048 92826 0 92762 24 15 9 20 0 8 0 mtagpl 96 35 0 7 2 1 1 1 0 8 0 mbufpl 256 149348 0 149098 28 6 22 22 0 8 0 mbufpl: pool(0xffffffff827ef020:mbufpl): free list modified: page 0xfffffd8057d23000; item ordinal 2; addr 0xfffffd8057d23700 (p 0xfffffd805bb29000); offset 0x0=0x0 mbufpl: pool(0xffffffff827ef020:mbufpl): page inconsistency: page 0xfffffd8057d23000; item ordinal 3; addr 0xfffffd7f803086ce bufpl 280 3803 0 125 263 0 263 263 0 8 0 anonpl 16 75579 0 58593 82 2 80 80 0 107 5 amapchunkpl 152 3303 0 3151 21 1 20 20 0 158 13 amappl16 192 2615 0 1615 52 0 52 52 0 8 1 amappl15 184 201 0 198 1 0 1 1 0 8 0 amappl14 176 23 0 18 1 0 1 1 0 8 0 amappl13 168 229 0 224 1 0 1 1 0 8 0 amappl12 160 14 0 7 1 0 1 1 0 8 0 amappl11 152 44 0 35 1 0 1 1 0 8 0 amappl10 144 218 0 212 1 0 1 1 0 8 0 amappl9 136 367 0 366 1 0 1 1 0 8 0 amappl8 128 341 0 290 2 0 2 2 0 8 0 amappl7 120 306 0 293 1 0 1 1 0 8 0 amappl6 112 24 0 19 1 0 1 1 0 8 0 amappl5 104 559 0 547 1 0 1 1 0 8 0 amappl4 96 631 0 601 1 0 1 1 0 8 0 amappl3 88 115 0 110 1 0 1 1 0 8 0 amappl2 80 4017 0 3951 2 0 2 2 0 8 0 amappl1 72 22451 0 22030 23 14 9 17 0 8 0 amappl 80 1336 0 1290 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 24 0 0 1 0 1 1 0 8 0 uaddrrnd 24 616 0 598 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 616 0 598 1 0 1 1 0 8 0 vmmpekpl 168 7435 0 7401 2 0 2 2 0 8 0 vmmpepl 168 80073 0 77950 120 20 100 113 0 357 7 vmsppl 272 615 0 598 3 1 2 2 0 8 0 pdppl 4096 1238 0 1200 7 1 6 6 0 8 0 pvpl 32 219490 0 199497 191 1 190 190 0 265 16 pmappl 200 615 0 598 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 269 0 26 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace pool_do_put(ffffffff827ef020,fffffd8057d23600) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827ef020,fffffd8057d23600) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057d23600) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b2bb00,800100,ffff800000b2bb40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b2bb00,ffff800000ac6000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac6000,ffff80001f9a5580,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001f9a5580,ffff800000ac6000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806252bc80,8080691a,ffff80001f9a5580,ffff80001d6c3608) at ifioctl+0xe60 sys/net/if.c:2180 sys_ioctl(ffff80001d6c3608,ffff80001f9a5698,ffff80001f9a56e0) at sys_ioctl+0x4a1 syscall(ffff80001f9a5760) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23e629800a0, count: -11 ddb> machine ddbcpu 1 No such command ddb> trace pool_do_put(ffffffff827ef020,fffffd8057d23600) at pool_do_put+0x12e sys/kern/subr_pool.c:836 pool_put(ffffffff827ef020,fffffd8057d23600) at pool_put+0x4b sys/kern/subr_pool.c:794 m_free(fffffd8057d23600) at m_free+0x119 sys/kern/uipc_mbuf.c:459 rt_ifa_del(ffff800000b2bb00,800100,ffff800000b2bb40,0) at rt_ifa_del+0x402 sys/net/route.c:1197 in6_unlink_ifa(ffff800000b2bb00,ffff800000ac6000) at in6_unlink_ifa+0x571 sys/netinet6/in6.c:943 in6_update_ifa(ffff800000ac6000,ffff80001f9a5580,0) at in6_update_ifa+0x13e7 sys/netinet6/in6.c:875 in6_ioctl_change_ifaddr(8080691a,ffff80001f9a5580,ffff800000ac6000) at in6_ioctl_change_ifaddr+0x40c sys/netinet6/in6.c:352 ifioctl(fffffd806252bc80,8080691a,ffff80001f9a5580,ffff80001d6c3608) at ifioctl+0xe60 sys/net/if.c:2180 sys_ioctl(ffff80001d6c3608,ffff80001f9a5698,ffff80001f9a56e0) at sys_ioctl+0x4a1 syscall(ffff80001f9a5760) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23e629800a0, count: -11